On Tue, 9 Mar 2021 at 14:23, Alex Bennée <alex.ben...@linaro.org> wrote: > > As per the spec: > > the PARAMETER REGISTER contains the address of a pointer to a > four-field data block. > > So we need to follow the pointer and place the results of SYS_HEAPINFO > there. > > Bug: https://bugs.launchpad.net/bugs/1915925 > Cc: Bug 1915925 <1915...@bugs.launchpad.net> > Cc: Keith Packard <kei...@keithp.com> > Signed-off-by: Alex Bennée <alex.ben...@linaro.org> > --- > semihosting/arm-compat-semi.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/semihosting/arm-compat-semi.c b/semihosting/arm-compat-semi.c > index 733eea1e2d..2ac9226d29 100644 > --- a/semihosting/arm-compat-semi.c > +++ b/semihosting/arm-compat-semi.c > @@ -1210,6 +1210,8 @@ target_ulong do_common_semihosting(CPUState *cs) > retvals[2] = rambase + limit; /* Stack base */ > retvals[3] = rambase; /* Stack limit. */ > #endif > + /* The result array is pointed to by arg0 */ > + args = arg0; > > for (i = 0; i < ARRAY_SIZE(retvals); i++) { > bool fail; > --
No, 'args' is the argument array. That's not the same thing as the data block we're writing, and we shouldn't reassign that variable here. What was wrong with the old arm-semi.c code, which just did appropriate loads and stores here, and worked fine and was not buggy ? thanks -- PMM -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1915925 Title: ARM semihosting HEAPINFO results wrote to wrong address Status in QEMU: Confirmed Bug description: This affects latest development branch of QEMU. According to the ARM spec of the HEAPINFO semihosting call: https://developer.arm.com/documentation/100863/0300/Semihosting- operations/SYS-HEAPINFO--0x16-?lang=en > the PARAMETER REGISTER contains the address of a pointer to a four- field data block. However, QEMU treated the PARAMETER REGISTER as pointing to a four- field data block directly. Here is a simple program that can demonstrate this problem: https://github.com/iNvEr7/qemu-learn/tree/newlib-bug/semihosting- newlib This code links with newlib with semihosting mode, which will call the HEAPINFO SVC during crt0 routine. When running in QEMU (make run), it may crash the program either because of invalid write or memory curruption, depending on the compiled program structure. Also refer to my discussion with newlib folks: https://sourceware.org/pipermail/newlib/2021/018260.html To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1915925/+subscriptions
